Open fzxen opened 1 week ago
How do you envision a development workflow going with git-branch-lockfile
set to true
? Would a large number of branch-specific lockfiles get checked in to the main branch, to be rationalized later?
This also sounds like it would complicates Rush's detection of whether the lockfile is out-of-date.
Would you be interested in putting together a prototype?
@iclanton
How do you envision a development workflow going with git-branch-lockfile set to true? Would a large number of branch-specific lockfiles get checked in to the main branch, to be rationalized later?
What I currently envision is that when the personal branch is merged into the main branch, a job will be triggered, which will merge all lockflles of the main branch by set merge-git-branch-lockfiles-branch-pattern[]=<main branch>
in .npmrc.
This also sounds like it would complicates Rush's detection of whether the lockfile is out-of-date. Would you be interested in putting together a prototype?
I deeply agree with your concern. I'm going to take time to study it.
Summary
We are trying to migrate the repository to rush. The bad thing is that pnpm lockfile is more likely to conflict than yarn lockfile. Our repo has been suffering from conflict problem recently.
I found that pnpm will carry the information of peerDependencies in the lockfile, and the information is on the same line. if someone change the version of
@rushstack/heft
, anthoer change the version of@type/node
. Conflicts will happen, because they change the same line.I found that pnpm has the git branch lockfile feature that can completely solves conflict problem even though it brings some challenges to code review. However, it can't be used in rush.
Details
Git branch lockfile can completely solves the conflict problem. However, I can't use this feature in rush. It will cause "rush install" to be unusable When I execute the
rush install
command, the rush will throw an error:The shrinkwrap file is out of date. You need to run "rush update". Because pnpm-lock.yaml is not match with package.json and rush did not recognize local branch files like pnpm-lock.xxx.yaml.I have also tried other ways to reduce the probability of conflict:
highest
totimed-based
. This method can reduce the occurrence of dependencies being bumped.